Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/XVvLBTwg99v8jSp0sJOg27JNTQc.roa
File:                     XVvLBTwg99v8jSp0sJOg27JNTQc.roa (raw, json)
Hash identifier:          mYMr8AcGWDMbHP36+HLJKZOohuCkUE2PX6DgeJ7a5rI=
Subject key identifier:   5D:5B:CB:05:3C:20:F7:DB:FC:8D:2A:74:B0:93:A0:DB:B2:4D:4D:07
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       07DAE6BF
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/XVvLBTwg99v8jSp0sJOg27JNTQc.roa
Signing time:             Sat 01 Jan 2022 05:52:45 +0000
ROA not before:           Sat 01 Jan 2022 05:52:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202592
IP address blocks:        185.96.57.0/24 maxlen: 24
                          185.96.56.0/22 maxlen: 22
                          185.96.56.0/24 maxlen: 24
                          194.38.48.0/22 maxlen: 22
                          193.168.200.0/24 maxlen: 24
                          193.168.200.0/22 maxlen: 22
                          193.168.201.0/24 maxlen: 24
                          193.160.220.0/22 maxlen: 22
                          185.136.16.0/22 maxlen: 22
                          185.136.19.0/24 maxlen: 24
                          185.136.18.0/24 maxlen: 24
                          45.12.100.0/22 maxlen: 22
                          2a05:ff01::/32 maxlen: 32
                          2a05:ff00:2::/48 maxlen: 48
                          2a05:ff00:1::/48 maxlen: 48
                          2a05:ff00::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 131786431 (0x7dae6bf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  1 05:52:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5d5bcb053c20f7dbfc8d2a74b093a0dbb24d4d07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f3:94:69:42:fd:74:b1:01:c9:80:88:32:cf:
                    8e:f2:49:a6:81:e9:9b:e4:1b:c5:32:8d:25:ae:78:
                    45:a7:31:b6:2d:39:0a:61:38:27:c7:34:dc:c1:72:
                    7f:ef:03:b7:99:2e:98:92:ed:ad:ca:a7:be:ea:ad:
                    54:3f:d2:ed:b5:5a:2d:bd:17:8c:c2:62:74:a0:f1:
                    88:20:2c:1e:f3:9a:e8:f5:13:89:a2:51:1c:0a:3c:
                    00:0a:e7:1d:2d:3c:4b:b1:87:0f:11:24:af:d7:e1:
                    5d:4b:35:4f:72:3a:e1:d2:87:24:b7:ad:b4:77:d6:
                    ca:a3:81:7b:a6:03:de:51:ae:f0:8f:89:9b:10:7d:
                    b9:90:ae:a9:1a:5b:80:e2:32:c7:26:fa:e4:0a:1e:
                    b8:e2:1d:06:e2:64:2e:76:bc:7c:b8:ea:aa:eb:c4:
                    c3:e8:e3:1a:e1:9b:49:66:6c:3f:72:9e:44:56:fe:
                    85:9b:bb:f6:28:67:27:f2:22:81:6c:c5:fb:ef:13:
                    d6:22:3f:78:01:84:e3:d2:28:27:10:a2:a2:bf:34:
                    8a:ea:15:ff:ad:48:7a:6e:47:e5:fc:c7:dc:ec:53:
                    96:1b:d5:82:98:82:d1:f2:0c:47:f1:a5:b4:c8:8d:
                    11:f7:f4:bd:44:08:21:30:1f:d6:c3:a6:18:66:34:
                    52:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:5B:CB:05:3C:20:F7:DB:FC:8D:2A:74:B0:93:A0:DB:B2:4D:4D:07
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/XVvLBTwg99v8jSp0sJOg27JNTQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.100.0/22
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                IPv6:
                  2a05:ff00::/31

    Signature Algorithm: sha256WithRSAEncryption
         24:63:17:72:cf:54:ca:2b:56:64:7c:41:e1:f4:44:ca:99:84:
         b0:86:85:3d:11:f3:a2:d9:97:8a:45:f7:4d:0c:43:aa:f7:fc:
         44:42:3d:eb:d7:db:2f:bc:cd:48:d4:04:77:96:2b:76:4d:e1:
         0a:ed:d6:aa:d2:35:ab:f1:58:e2:fa:c4:b6:b0:10:bb:13:77:
         37:84:5a:0a:7b:ec:44:a0:13:6c:fd:79:56:f5:11:42:fc:54:
         0a:45:42:ad:f4:b8:75:cf:aa:ca:36:ef:e3:fc:27:1e:7e:fa:
         42:e9:c2:7a:20:22:12:16:df:24:7d:e2:6d:56:32:9e:8b:9c:
         13:9a:49:6b:17:c4:b5:7b:6e:db:d5:b5:6f:14:84:33:23:7a:
         73:c8:31:51:f4:62:c5:7f:e8:3f:f7:10:4d:32:a5:b8:71:62:
         da:bc:a3:e1:d8:a3:ad:84:8c:97:1c:e7:2c:47:a8:20:45:bd:
         f2:a9:ca:ca:cb:d3:b3:29:d9:66:85:6e:e9:27:9d:fc:bd:21:
         b1:d0:67:09:4e:19:8f:da:8a:d9:0e:93:22:fc:14:19:52:08:
         e6:fe:f2:52:d9:12:80:2d:b0:92:b6:c6:9b:ef:22:cb:77:9d:
         c9:99:f6:2b:b0:25:6e:ef:f3:bf:51:e4:67:d2:e2:31:b9:c3:
         99:b3:a9:ef
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEB9rmvzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MDhkYTljZjAwZDRkNThiODU0ZmZjNjIwMTBmMjM1YjA2ZGYzNTRhMB4XDTIyMDEw
MTA1NTI0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWQ1YmNiMDUzYzIw
ZjdkYmZjOGQyYTc0YjA5M2EwZGJiMjRkNGQwNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALDzlGlC/XSxAcmAiDLPjvJJpoHpm+QbxTKNJa54Racxti05
CmE4J8c03MFyf+8Dt5kumJLtrcqnvuqtVD/S7bVaLb0XjMJidKDxiCAsHvOa6PUT
iaJRHAo8AArnHS08S7GHDxEkr9fhXUs1T3I64dKHJLettHfWyqOBe6YD3lGu8I+J
mxB9uZCuqRpbgOIyxyb65AoeuOIdBuJkLna8fLjqquvEw+jjGuGbSWZsP3KeRFb+
hZu79ihnJ/IigWzF++8T1iI/eAGE49IoJxCior80iuoV/61Iem5H5fzH3OxTlhvV
gpiC0fIMR/GltMiNEff0vUQIITAf1sOmGGY0Ut8CAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBRdW8sFPCD32/yNKnSwk6Dbsk1NBzAfBgNVHSMEGDAWgBTQjanPANTVi4VP
/GIBDyNbBt81SjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBJMnB6d0RVMVl1RlRfeGlBUThqV3diZk5Vby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTkvZmViZWY4LWEwZWEtNGM3ZS04ODA2LTIwZTE5NzgwY2IyZS8x
L1hWdkxCVHdnOTl2OGpTcDBzSk9nMjdKTlRRYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTkv
ZmViZWY4LWEwZWEtNGM3ZS04ODA2LTIwZTE5NzgwY2IyZS8xLzBJMnB6d0RVMVl1
RlRfeGlBUThqV3diZk5Vby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEAi0MZAMEArlgOAMEArmIEAMEAsGg
3AMEAsGoyAMEAsImMDANBAIAAjAHAwUBKgX/ADANBgkqhkiG9w0BAQsFAAOCAQEA
JGMXcs9UyitWZHxB4fREypmEsIaFPRHzotmXikX3TQxDqvf8REI969fbL7zNSNQE
d5Yrdk3hCu3WqtI1q/FY4vrEtrAQuxN3N4RaCnvsRKATbP15VvURQvxUCkVCrfS4
dc+qyjbv4/wnHn76QunCeiAiEhbfJH3ibVYynoucE5pJaxfEtXtu29W1bxSEMyN6
c8gxUfRixX/oP/cQTTKluHFi2ryj4dijrYSMlxznLEeoIEW98qnKysvTsynZZoVu
6Sed/L0hsdBnCU4Zj9qK2Q6TIvwUGVII5v7yUtkSgC2wkrbGm+8iy3edyZn2K7Al
bu/zv1HkZ9LiMbnDmbOp7w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:23 2024 by rpki-client on console-ams.rpki-client.org